At first thank you for your tips about the config!
So I figured out, that everything was not kerberos-authenticated, but ntlm-authenticated, so I had to adjust my config a bit, because I've heard in another thread here, that actually using kerberos is a lot faster than NTLM.
Old part:
> auth
Hello all,
I finaly got a squid proxy with kerberos authentification and LDAP group check to work! With a small amount of clients(1-10) everything works as it should and the squid is fast(no noticeable waiting time for websites to open). Users get authenticated, different AD groups can access t
I am currently using:###blocked websites###acl blockedsites dstdomain .domain1.com .domain2.com .domain3.com###end blocked websites###http_access deny blockedsitesSimple and working ;)--Diese Nachricht wurde von meinem Android Mobiltelefon mit WEB.DE Mail gesendet.Am 09.03.21, 12:58 schrieb ro
sadly I can not copy my log here, because the mail get rejected again and again because of this.
But here are the two errors, which I can see inside the cache.log.
Connected OK
group filter '(&(sAMAccountName=ldaptest)(memberOf=CN=Test1,OU=Groups,DC=my.domain,DC=com))', searchbase 'dc=my.dom
You were right! I realy don't know how I was able to miss this..
I removed "-R" and don't get the error anymore. I did read the documentation again and -K and -S should be fine. -d of course too.
But now I get the error "WARNING: LDAP search error 'Operations error'". I found out that many peo
of course I did read the documentation. Otherwise I would not have asked here. I would not ask for your time if the solution would be available for myself.
I am asking right here -after some weeks- because I do not know what is finally wrong.
I can't even figure out what the error means. Even goo
So I finally tried it on my Squid Proxy.
I edited the squid like this:
external_acl_type ad_group_member_check ttl=120 %LOGIN /usr/lib/squid/ext_ldap_group_acl -d -R -K -S -b "dc=domain,dc=com" -D proxyu...@domain.com -W /etc/squid/ldappass.txt -f "(&(sAMAccountName=%u)(memberOf=CN=%g,OU=G
Thanks for your replies!Yes, I did try "external_acl_type wbinfocheck %LOGIN /usr/lib/squid/ext_wbinfo_group_acl -K".So if my fqdn would be "my.domain.com" it would be:external_acl_type ad_group_member_check ttl=120 %LOGIN /usr/lib/squid/ext_ldap_group_acl -d -R -K -S -b "dc=domain,dc=com" -D 192.1
Hello all! :)
I am running squid 4.1 on the newest Linux Mint with Kerberos SSO(connected to my AD), so I can check for AD groups and therefore block websites and so on. Thanks to the very good documentation everything looks good so far!
But there is one realy big problem: Squid does not reco
